|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH][P2M] add printk to NP PAE logic in p2m
Hi, On Tue, 2008-01-15 at 19:31 +0000, Keir Fraser wrote: > If we add that printk() then it's on a path triggerable by an HVM guest (via > the populate_physmap hypercall, for example) and there is a potential DoS > attack. The need to modify the Xen command line to enable NPT on PAE > hypervisor should really be caveat enough anyway. Hardly, there's no reason at all for a user to assume that enabling NPT in that situation will cause guest address spaces to be truncated. Ideally we'd have a text message delivered back to the user on all domain creations when this truncation happens. A log message is probably the minimum reasonable notification; truncating silently is a pretty poor option. There are plenty of solutions --- simply do the printk once per domain, for example, or rate-limit it, or don't do it when the physmap is populated but have a separate test at domain build time. But truncating silently seems to be one of the worst alternatives. Cheers, Stephen _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |